﻿using Microsoft.AspNetCore.Mvc.Filters;
using System.Threading.Tasks;

namespace IdentityServerApi.Filter
{
    public class ResultFilterAttribute : ActionFilterAttribute
    {
        public override async Task OnResultExecutionAsync(ResultExecutingContext context, ResultExecutionDelegate next)
        {
            if (!context.HttpContext.Response.Headers.ContainsKey("X-Content-Type-Options"))
            {
                context.HttpContext.Response.Headers.Add("X-Content-Type-Options", "nosniff");
            }

            // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
            if (!context.HttpContext.Response.Headers.ContainsKey("X-Frame-Options"))
            {
                context.HttpContext.Response.Headers.Add("X-Frame-Options", "SAMEORIGIN");
            }

            // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
            var csp = "default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';";
            // also consider adding upgrade-insecure-requests once you have HTTPS in place for production
            //csp += "upgrade-insecure-requests;";
            // also an example if you need client images to be displayed from twitter
            // csp += "img-src 'self' https://pbs.twimg.com;";

            // once for standards compliant browsers
            if (!context.HttpContext.Response.Headers.ContainsKey("Content-Security-Policy"))
            {
                context.HttpContext.Response.Headers.Add("Content-Security-Policy", csp);
            }
            // and once again for IE
            if (!context.HttpContext.Response.Headers.ContainsKey("X-Content-Security-Policy"))
            {
                context.HttpContext.Response.Headers.Add("X-Content-Security-Policy", csp);
            }

            // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
            var referrer_policy = "no-referrer";
            if (!context.HttpContext.Response.Headers.ContainsKey("Referrer-Policy"))
            {
                context.HttpContext.Response.Headers.Add("Referrer-Policy", referrer_policy);
            }
            //if (context.ModelState.IsValid)
            //{
            //    object value = null;
            //    if (context.Result.GetType().GetProperty("Value") != null)
            //    {
            //        value = (context.Result as dynamic)?.Value;
            //    }
            //    context.Result = new JsonResult(new ReponseModel { success = true, data = value, msg = "" });
            //    context.HttpContext.Response.StatusCode = StatusCodes.Status200OK;
            //}
            //else
            //{
            //    var list = new List<string>();
            //    foreach (var item in context.ModelState.Values)
            //    {
            //        foreach (var error in item.Errors)
            //        {
            //            list.Add(error.ErrorMessage);
            //        }
            //    }
            //    context.Result = new JsonResult(new ReponseModel { success = false, data = list, msg = "参数错误" });
            //    context.HttpContext.Response.StatusCode = StatusCodes.Status400BadRequest;
            //}
            await base.OnResultExecutionAsync(context, next);
        }
    }
}
